Intel chip vulnerability lets hackers easily hijack fleets of PCs

Security researchers say exploiting the vulnerability requires little technical expertise, and can result in a hacker taking full control of an affected PC.

A vulnerability in Intel chips that went undiscovered for almost a decade allows hackers to remotely gain full control over affected Windows PCs without needing a password.

The “critical”-rated bug, disclosed by Intel last week, lies in a feature of Intel’s Active Management Technology (more commonly known as just AMT), which allows IT administrators to remotely carry out maintenance and other tasks on entire fleets of computers as if they were there in person, like software updates and wiping hard drives. AMT also allows the administrator to remotely control the computer’s keyboard and mouse, even if the PC is powered off. …

Source: Intel chip vulnerability lets hackers easily hijack fleets of PCs

Share

Amazon breach shows need for stronger third-party cybersecurity

Hackers breached the Amazon accounts of several third party vendors using stolen credentials obtained through the dark web to post fake deals and steal cash.

The threat actors have reportedly changed the bank deposit information on the compromised accounts to steal tens of thousands of dollars from the users, several sellers and advertisers have said. The attackers also targeted accounts that hadn’t been recently used to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash.

It’s unclear how many accounts were compromised and the hack appears to have stemmed from email and password credentials stolen from a previous breach. …

Source: Amazon breach shows need for stronger third-party cybersecurity

Share

False alarms: hackers take over Dallas’s 156 sirens before system deactivated

Hackers took control over the 156 sirens in Dallas this weekend, triggering false alarms on the system used to alert residents to take shelter from inclement weather, until officials deactivated the system early Saturday morning.

The person or people responsible were able to hack into a part of the system that was communicating with all 156 of the city’s sirens, said Rocky Vaz, who heads the city’s office of emergency management, at a news conference.

Technicians were trying to determine how to bring the system back online without the risk of it being hacked again, he said. In the meantime, the public has access to other alert systems. Vaz said he hoped to have the siren system back up by Sunday. …

Source: False alarms: hackers take over Dallas’s 156 sirens before system deactivated

Share

Hackers Delight When Businesses Get Lax on Security

Randell Heath isn’t sure how hackers got into his company’s website — all he knows is a supplier called, saying the site had become an online store selling Viagra and Cialis.

The problem might have been at the company that hosts the site. It might have been that Heath’s passwords weren’t strong enough. But the invasion taught Heath a lesson that computer experts say many small business owners still need: Keeping your company’s computers and online sites safe isn’t a one-time operation, but requires continual vigilance as new kinds of attacks emerge. …

The chances of a small business being invaded, of having computers, smartphones, tablets and even bank accounts hacked because of poor cybersecurity, are rapidly growing. And some of the very things small businesses are encouraged to do to make themselves more visible, like having blogs, can also make them more vulnerable. …

Source: Hackers Delight When Businesses Get Lax on Security

Share